
CN103200172B - Method and system for 802.1X access session keepalive - Google Patents


Info

Publication number: CN103200172B
Application number: CN201310053064.3A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN103200172A (en)
Inventors: 梁乾灯, 范亮
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Legal status: Active
Prior art keywords: clients, authentication, authentication points, keep, message
Application filed by ZTE Corp
Priority to CN201310053064.3A (CN103200172B)
Publication of CN103200172A
Priority to EP13875702.6A (EP2950499B1)
Priority to PCT/CN2013/083699 (WO2014127630A1)
Priority to RU2015136853A (RU2639696C2)
Priority to US14/766,053 (US9918353B2)
Application granted
Publication of CN103200172B


Classifications

All entries fall under H ELECTRICITY, H04 ELECTRIC COMMUNICATION TECHNIQUE, in subclass H04W WIRELESS COMMUNICATION NETWORKS or H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION.

    • H04W76/25 Maintenance of established connections (under H04W76/20 Manipulation of established connections; H04W76/00 Connection management)
    • H04L67/142 Managing session states for stateless protocols; Signalling session states; State transitions; Keeping-state mechanisms (under H04L67/14 Session management; H04L67/00 Network arrangements or protocols for supporting network services or applications)
    • H04L69/28 Timers or timing mechanisms used in protocols (under H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass)
    • H04W12/06 Authentication (under H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
    • H04W76/19 Connection re-establishment (under H04W76/10 Connection setup; H04W76/00 Connection management)
    • H04W84/12 WLAN [Wireless Local Area Networks] (under H04W84/10 Small scale networks; Flat hierarchical networks; H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]; H04W84/00 Network topologies)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and system for 802.1X access session keepalive, and relates to the communications field. The method includes: while an 802.1X client is accessing the network, the authentication point used for access authentication sends to the 802.1X client, according to the authentication point's actual keepalive period, a keepalive request message for determining whether the 802.1X client has abnormally left the network; within the authentication point's predetermined time, if the authentication point does not receive a keepalive response message from the 802.1X client in response to the keepalive request message, the authentication point determines that the 802.1X client has abnormally left the network; otherwise the authentication point determines that the 802.1X client is normally on the network. By extending the existing 802.1X protocol, the invention improves network resource utilization and reduces the risk of security problems caused by an overloaded authentication point and the risk of periodic metering errors.

Description

Method and system for 802.1X access session keepalive
Technical field
The present invention relates to the communications field, and in particular to a method for access session keepalive based on the 802.1X protocol and a related system.
Background
With the rapid development of Internet applications and smart terminals, wireless local area network (WLAN) applications have become very common, and many public places such as factories, schools and coffee shops have deployed WLANs. Accessing the network through a WLAN has become one of the most important means for users to reach network resources; users can access the Internet anytime and anywhere through terminal devices such as mobile phones and computers, for online work, entertainment and other activities. As public demand for accessing the Internet through WLAN anytime and anywhere keeps growing, governments and operators have each launched construction plans for public WLAN hotspots and hot zones, and cities have completed large-scale WLAN coverage of areas such as commercial centers and colleges and universities. This has further increased how often end users use WLAN networks, so that the number of WLAN terminals online at the same time has grown sharply.
Current methods for controlling WLAN user network access mainly include 802.1X, DHCP Option 60 and web authentication. Because none of these methods was designed with very large numbers of users accessing a WLAN simultaneously in mind, they share a common defect in that scenario: they cannot detect in time whether an online user has abnormally left the network, that is, they provide no user-state keepalive mechanism. Users often go offline abnormally for various reasons without sending an offline message to the access control device. In a WLAN hot zone, as large numbers of users continually join the WLAN and then "silently leave", the number of "online" users that the WLAN control-plane network devices must manage keeps increasing. The burden on those devices, especially the user authentication and management device of the WLAN control plane (that is, the gateway device), gradually grows, which wastes resources and creates potential security problems.
802.1X+EAP is used more and more widely for WLAN user access, in particular as the main way of authenticating users without their being aware of it in WLAN access scenarios. A user can typically authenticate and obtain a layer-3 address using 802.1X+EAP+DHCPv4/DHCPv6, or 802.1X+EAP with a static IP address or stateless address autoconfiguration (SLAAC). The access protocol between the user and the authentication point/gateway device has no keepalive mechanism. Once the link fails or the user goes offline abnormally, the authentication point/gateway device cannot detect in time that the user is offline, which affects the accuracy of the user's billing and consumes memory on the authentication point/gateway device. Although the authentication point/gateway device can use auxiliary means such as user online detection (for example, unicast ARP requests) or user idle-traffic detection to detect whether a user has gone offline abnormally, these methods are unrelated to the 802.1X access protocol, need additional protocol support, generally consume more resources, and affect the performance of the authentication point/gateway device. Overall, extending the existing 802.1X mechanism to implement a link-layer keepalive mechanism similar to PPP LCP would be a good alternative.
Summary of the invention
The object of the present invention is to provide a method and system for access session keepalive that, by extending the existing 802.1X protocol, confirm and maintain the state of online users, and thereby solve the problems of wasted authentication-point resources, security risks and billing errors caused by large numbers of users leaving the network directly without sending an offline message.
According to one aspect of the present invention, a method for 802.1X access session keepalive is provided, including:
While an 802.1X client is accessing the network, the authentication point used for access authentication sends to the 802.1X client, according to the authentication point's actual keepalive period, a keepalive request message for determining whether the 802.1X client has abnormally left the network;
Within the authentication point's predetermined time, if the authentication point does not receive a keepalive response message from the 802.1X client in response to the keepalive request message, the authentication point determines that the 802.1X client has abnormally left the network; otherwise the authentication point determines that the 802.1X client is normally on the network.
Preferably, the method further includes:
While the 802.1X client is accessing the network, the 802.1X client sends to the authentication point, according to the client's actual keepalive period, a keepalive request message for determining whether the state of the authentication point is abnormal;
Within the client's predetermined time, if the 802.1X client does not receive a keepalive response message from the authentication point in response to the keepalive request message, the 802.1X client determines that the state of the authentication point is abnormal; otherwise, the 802.1X client determines that the state of the authentication point is normal.
Preferably, before the authentication point/802.1X client sends a keepalive request message to its peer, the method further includes an 802.1X client access authentication step, including:
The authentication point receives the start-announcement request message sent by the 802.1X client, and sends an identity request message to the 802.1X client;
The authentication point receives the identity response message with which the 802.1X client answers the identity request message, encapsulates the identity response message in an authentication request message, and sends it to the authentication server;
According to the authentication request message, the authentication server determines the authentication method with the 802.1X client via the authentication point, and authenticates the 802.1X client according to that method;
The authentication server encapsulates the result of authentication success/failure in an access-accept/access-reject message and sends it to the authentication point.
Preferably, during access authentication of the 802.1X client, when the start-announcement request message sent by the 802.1X client does not carry a suggested keepalive period, the 802.1X client encapsulates the suggested keepalive period in an announcement request message and sends it to the authentication point, so that the authentication point can determine the authentication point's actual keepalive period.
Preferably, the authentication point parses the received access-accept message to obtain the authorization attribute in it for enabling the keepalive function, and, according to that authorization attribute, enables the keepalive function for the 802.1X client corresponding to the specified identity or service management domain identifier, in order to perform 802.1X access session keepalive.
Preferably, the authentication point determines its actual keepalive period by the following steps:
The authentication point parses the received start-announcement request message or announcement request message to obtain the suggested keepalive period in it;
The authentication point parses the received access-accept message to obtain the authorized keepalive period in it;
The authentication point determines its actual keepalive period using the suggested keepalive period and/or the authorized keepalive period and/or the local keepalive period configured locally on the authentication point.
Preferably, the client's actual keepalive period is the default keepalive period local to the 802.1X client.
Preferably, the 802.1X client parses the received keepalive response message to obtain the forced keepalive period in it, and adjusts the client's actual keepalive period according to the forced keepalive period.
According to another aspect of the present invention, a system for 802.1X access session keepalive is provided, including an 802.1X client, an authentication point used for access authentication, and an authentication server, wherein the authentication point includes:
An authentication-point message sending module, configured to send to the 802.1X client, while the 802.1X client is accessing the network and according to the authentication point's actual keepalive period, a keepalive request message for determining whether the 802.1X client has abnormally left the network;
A client state determining module, configured to determine, within the authentication point's predetermined time, that the 802.1X client has abnormally left the network if no keepalive response message from the 802.1X client in response to the keepalive request message is received, and otherwise to determine that the 802.1X client is normally on the network.
Preferably, the 802.1X client includes:
A client message sending module, configured to send to the authentication point, while the 802.1X client is accessing the network and according to the client's actual keepalive period, a keepalive request message for determining whether the state of the authentication point is abnormal;
An authentication-point state determining module, configured to determine, within the client's predetermined time, that the state of the authentication point is abnormal if no keepalive response message from the authentication point in response to the keepalive request message is received, and otherwise to determine that the state of the authentication point is normal.
Compared with the prior art, the beneficial effects of the present invention are:
1. By having the authentication point keep the 802.1X client alive, the invention lets the authentication point detect in time whether a user has abnormally left the network, which improves network resource utilization, especially in WLAN access networks; it is simple to implement and flexible to extend;
2. The invention reduces the risk that the authentication point used for access authentication suffers security problems from being overloaded, and the risk of periodic metering errors;
3. By having the 802.1X client keep the authentication point alive, the invention lets the 802.1X client detect the state of the authentication point in time and, when the authentication point's state is abnormal, select another valid node in time, which improves the user experience.
Description of the drawings
Fig. 1 is a block diagram of the principle of the 802.1X access session keepalive method provided by the present invention;
Fig. 2 is a flow chart of the 802.1X access session keepalive method provided by the present invention;
Fig. 3 is a block diagram of the 802.1X access session keepalive system provided by the present invention;
Fig. 4 is a schematic diagram of the system topology for 802.1X access session keepalive provided by the first embodiment of the present invention;
Fig. 5 is a flow chart of the 802.1X access session keepalive method provided by the first embodiment of the present invention;
Fig. 6 is a schematic diagram of the extended start-announcement message provided by the present invention;
Fig. 7 is a schematic diagram of the EAPOL keepalive message provided by the present invention;
Fig. 8 is a schematic diagram of the system topology for 802.1X access session keepalive provided by the second embodiment of the present invention;
Fig. 9 is a flow chart of the 802.1X access session keepalive method provided by the second embodiment of the present invention;
Fig. 10 is a schematic diagram of the system topology for 802.1X access session keepalive provided by the third embodiment of the present invention;
Fig. 11 is a flow chart of the 802.1X access session keepalive method provided by the third embodiment of the present invention.
Detailed description of the embodiments
Preferred embodiments of the present invention are described in detail below with reference to the drawings. It should be understood that the preferred embodiments described below serve only to illustrate and explain the present invention and are not intended to limit it.
The present invention considers that, in current WLAN networks, the device that exchanges 802.1X messages directly with the client is the 802.1X authentication point, and that the authentication procedure is triggered by EAPOL messages. The invention therefore extends the EAPOL messages to implement a two-way keepalive mechanism between the client and the authentication point. The mechanism applies equally to wired access networks in which users authenticate with an 802.1X client. EAPOL refers to EAP carried over LAN, that is, the 802.1X protocol.
Fig. 1 is a block diagram of the principle of the 802.1X access session keepalive method provided by the present invention. As shown in Fig. 1, the steps include:
Step 101: While an 802.1X client is accessing the network, the authentication point used for access authentication sends to the 802.1X client, according to the authentication point's actual keepalive period, a keepalive request message for determining whether the 802.1X client has abnormally left the network.
Step 102: Within the authentication point's predetermined time, if the authentication point does not receive a keepalive response message from the 802.1X client in response to the keepalive request message, the authentication point determines that the 802.1X client has abnormally left the network; otherwise the authentication point determines that the 802.1X client is normally on the network.
In addition to steps 101 and 102, the method further includes: while the 802.1X client is accessing the network, the 802.1X client sends to the authentication point, according to the client's actual keepalive period, a keepalive request message for determining whether the state of the authentication point is abnormal; within the client's predetermined time, if the 802.1X client does not receive a keepalive response message from the authentication point in response to the keepalive request message, the 802.1X client determines that the state of the authentication point is abnormal; otherwise, the 802.1X client determines that the state of the authentication point is normal.
That is, a keepalive mechanism can be established between the 802.1X client and the authentication point, so that either party to the 802.1X protocol session can detect promptly and effectively whether the other is abnormal; in steps 101 and 102 above, for example, the authentication point uses the keepalive mechanism to detect that the 802.1X client has gone offline abnormally.
Fig. 2 is a flow chart of the 802.1X access session keepalive method provided by the present invention. As shown in Fig. 2, the steps include:
Step 1: The 802.1X station (STA) sends the start-announcement request message EAPOL-Start-Announcement to the authentication point used for access authentication, carrying keepalive-support identification information and suggested keepalive period information in the extended TLV options of the EAPOL-Start-Announcement message. The format of the extended TLV options is shown in Fig. 6.
Step 2: The authentication point saves the STA's suggested keepalive period information and sends the identity request message EAPOL-EAP-Request-Identity to the STA to request authentication information. After receiving this message, the STA returns the identity response message EAPOL-EAP-Response-Identity to the authentication point.
Step 3: The authentication point carries the EAPOL-EAP-Response-Identity message in the authentication request message Access-Request and sends it to the authentication server, that is, the AAA server.
Step 4: The AAA server negotiates the specific authentication method with the STA via the authentication point and authenticates the STA; the authentication result is sent to the authentication point as an EAP-Success or EAP-Failure message.
Further, the EAP-Success or EAP-Failure message is encapsulated in an access-accept/access-reject message and sent to the authentication point.
Further, the EAP authentication protocols between the STA and the AAA server include EAP-PEAP, EAP-SIM, EAP-AKA, EAP-TLS and EAP-TTLS.
Further, the authentication protocols between the authentication point and the AAA server include Radius, Diameter and the like.
Step 5: The authentication point determines the authentication point's actual keepalive period for the STA by combining the STA's suggested keepalive period, the local keepalive period configured on the authentication point, and the authorized keepalive period that the AAA server grants to the STA.
Further, by default the AAA server's authorized keepalive period has the highest priority, the local keepalive period configured on the authentication point comes second, and the STA's suggested keepalive period has the lowest priority. This priority order may be adjusted according to the configured policy.
That is, for keepalive from the authentication point to the 802.1X client, the three roles of the 802.1X authentication model (the 802.1X client, the authentication point and the authentication server) are allowed to take part in negotiating the specific keepalive period of the 802.1X protocol session; the authentication point finally determines the effective authentication-point actual keepalive period according to the configured selection policy and performs keepalive of the 802.1X protocol session according to it. Provided the negotiation among the three roles of the 802.1X authentication model permits it, the authentication point may also dynamically adjust the keepalive period of an 802.1X session according to conditions such as its own load.
Step 6: The authentication point sends a keepalive request message to the STA according to the authentication point's actual keepalive period for that STA; after receiving the message, the STA returns a keepalive response message.
Further, the keepalive request message and the keepalive response message are collectively called the EAPOL keepalive message, EAPOL-Keepalive. The message content includes the following fields:
Protocol Version: protocol type (EAPOL); length is 1 byte; the current latest version number is 3;
Packet Type: EAPOL message type; 0xf is suggested for the EAPOL-Keepalive message; length is 1 byte;
Packet Body Length: message length; length is 2 bytes;
Message Type: EAPOL-Keepalive message type; length is 1 byte; 0 represents the keepalive request message (Echo request), 1 represents the keepalive response message (Echo reply);
Forced Flag: 1 byte; indicates whether the peer is required to change its keepalive period to the effective keepalive period suggested by the sender; the default is not forced;
Timer Period: keepalive period; length is 2 bytes; 0 means invalid, 65535 means no keepalive, and other values are valid; the suggested value is 180 s;
Sequence number: length is 4 bytes; identifies one pair of keepalive request and response; the initial value is random. When a keepalive request is retransmitted because the response timed out, the sequence number stays unchanged; when a new keepalive request is sent, the sequence number is incremented.
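As an added example (not code from the patent), the following Python code encodes and strictly parses the EAPOL-Keepalive fields listed above and tracks one authentication-point probe, including the rule that a retransmission reuses the sequence number. The byte order, the field packing, the reply echoing the request's Timer Period, the three-miss threshold, and the names `Keepalive`, `Probe` and `client_reply` are assumptions; the patent gives only the field sizes and values.

```python
import struct
from dataclasses import dataclass

# Values from the field list above.
EAPOL_VERSION = 3           # latest protocol version number named on the page
PKT_TYPE_KEEPALIVE = 0x0F   # the patent's suggested Packet Type, not an IEEE-assigned one
ECHO_REQUEST, ECHO_REPLY = 0, 1

# Assumed wire layout: fields packed in the listed order, network byte order.
_HDR = struct.Struct("!BBH")    # Protocol Version, Packet Type, Packet Body Length
_BODY = struct.Struct("!BBHI")  # Message Type, Forced Flag, Timer Period, Sequence number


@dataclass(frozen=True)
class Keepalive:
    msg_type: int   # ECHO_REQUEST or ECHO_REPLY
    forced: bool    # Forced Flag
    period: int     # Timer Period in seconds (0 invalid, 65535 no keepalive)
    seq: int        # Sequence number


def encode(msg: Keepalive) -> bytes:
    body = _BODY.pack(msg.msg_type, int(msg.forced), msg.period, msg.seq)
    return _HDR.pack(EAPOL_VERSION, PKT_TYPE_KEEPALIVE, len(body)) + body


def decode(frame: bytes) -> Keepalive:
    """Parse one EAPOL-Keepalive PDU; raise ValueError on anything malformed."""
    if len(frame) < _HDR.size:
        raise ValueError("truncated EAPOL header")
    _version, pkt_type, body_len = _HDR.unpack_from(frame)
    if pkt_type != PKT_TYPE_KEEPALIVE:
        raise ValueError("not an EAPOL-Keepalive packet")
    # Trailing bytes are tolerated because short Ethernet frames are padded.
    if body_len != _BODY.size or len(frame) < _HDR.size + body_len:
        raise ValueError("bad Packet Body Length")
    msg_type, forced, period, seq = _BODY.unpack_from(frame, _HDR.size)
    if msg_type not in (ECHO_REQUEST, ECHO_REPLY) or forced not in (0, 1):
        raise ValueError("bad Message Type or Forced Flag")
    return Keepalive(msg_type, bool(forced), period, seq)


def client_reply(request_frame: bytes) -> bytes:
    """STA side: answer an Echo request, echoing its sequence number and period."""
    req = decode(request_frame)
    if req.msg_type != ECHO_REQUEST:
        raise ValueError("not an Echo request")
    return encode(Keepalive(ECHO_REPLY, False, req.period, req.seq))


class Probe:
    """Authentication-point state for keepalive toward one 802.1X client."""

    def __init__(self, initial_seq: int, period: int, max_misses: int = 3):
        # Page: the initial value is random; callers can pass secrets.randbits(32).
        self.seq = initial_seq & 0xFFFFFFFF
        self.period = period
        self.max_misses = max_misses   # assumed; the page says only "predetermined time"
        self.misses = 0

    def request(self) -> bytes:
        """Build the Echo request; a retransmission reuses the same sequence number."""
        return encode(Keepalive(ECHO_REQUEST, False, self.period, self.seq))

    def on_frame(self, frame: bytes) -> bool:
        """True only for a well-formed Echo reply to the outstanding request."""
        try:
            msg = decode(frame)
        except ValueError:
            return False
        if msg.msg_type != ECHO_REPLY or msg.seq != self.seq:
            return False   # stale or unsolicited reply does not count as liveness
        self.seq = (self.seq + 1) & 0xFFFFFFFF   # next new request increments (wraps)
        self.misses = 0
        return True

    def on_timeout(self) -> bool:
        """Response timer expired; True once the client counts as abnormally offline."""
        self.misses += 1
        return self.misses >= self.max_misses
```

Only a reply whose sequence number matches the outstanding request resets the miss counter, so a replayed or late Echo reply cannot keep a departed client's session marked as online.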
In this procedure, EAPOL-Start-Announcement may also omit information such as whether the STA supports keepalive and the suggested keepalive period. In that case, while authenticating with the authentication point, the STA can separately send the authentication point an EAPOL announcement message, EAPOL-Announcement-Req, carrying this information, so that the authentication point learns in time, before STA authentication completes, whether the STA supports keepalive and what keepalive period it suggests. That is, during access authentication, the 802.1X client can carry the corresponding extension options in EAPOL-Start-Announcement or EAPOL-Announcement-Req to inform the authentication point of information such as the suggested keepalive period; when the 802.1X client authenticates successfully, the authentication server delivers information such as the authorized keepalive period to the authentication point using extended authorization attributes in the access-accept message; and the authentication point can also have a local keepalive period configured locally for users of a specified management domain or a specified identity. After receiving the access-accept message from the authentication server, the authentication point selects, according to the locally configured selection policy, one of these keepalive periods as the authentication point's actual keepalive period and begins the keepalive message exchange for the 802.1X protocol session.
The steps above describe keepalive from the authentication point to the STA. Similarly, the STA can also perform keepalive toward the authentication point. STA-to-authentication-point keepalive is an optional function that is generally not recommended to be enabled, but the authentication point is required to be able to respond to the STA's keepalive requests. Specifically, the STA can use the client's default actual keepalive period to initiate keepalive requests to the authentication point, and accept a new forced keepalive period in the keepalive response message from the authentication point. That is, for keepalive from the 802.1X client to the authentication point, the authentication point is allowed, according to the negotiation result among the three roles of the 802.1X authentication model, to suggest or force the 802.1X client to adjust: the forced keepalive period, to be used as the client's actual keepalive period, is carried to the 802.1X client in the keepalive response message.
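The period negotiation described in step 5 and in the two paragraphs above, written out as added example code in Python (not from the patent): the authentication point picks its actual keepalive period by source priority, and the client adopts a forced period from a keepalive response. The function names, the `None` return meaning "do not run keepalive", and treating a chosen value of 65535 as disabling keepalive are assumptions.

```python
from typing import Optional, Sequence

PERIOD_INVALID = 0            # Timer Period 0: invalid
PERIOD_NO_KEEPALIVE = 65535   # Timer Period 65535: no keepalive

# Default order from the page: AAA authorization, then local config, then STA suggestion.
DEFAULT_PRIORITY = ("authorized", "local", "suggested")


def _usable(value: Optional[int]) -> bool:
    """A candidate counts only if present and encodable in the 2-byte Timer Period."""
    return value is not None and PERIOD_INVALID < value <= PERIOD_NO_KEEPALIVE


def select_ap_period(
    suggested: Optional[int],
    local: Optional[int],
    authorized: Optional[int],
    *,
    client_supports: bool,
    priority: Sequence[str] = DEFAULT_PRIORITY,
) -> Optional[int]:
    """Return the authentication point's actual keepalive period in seconds, or None.

    Any of the three sources may be absent (the page combines them with "and/or").
    """
    # Page: unless the client announces support, the authentication point
    # assumes the 802.1X client does not support the keepalive function.
    if not client_supports:
        return None
    candidates = {"suggested": suggested, "local": local, "authorized": authorized}
    unknown = set(priority) - set(candidates)
    if unknown:
        raise ValueError(f"unknown period source(s): {sorted(unknown)}")
    for source in priority:
        value = candidates[source]
        if _usable(value):
            # Assumption: 65535 from the winning source switches keepalive off.
            return None if value == PERIOD_NO_KEEPALIVE else value
    return None


def adjust_client_period(
    current: Optional[int], reply_period: int, forced: bool
) -> Optional[int]:
    """Client side: adopt the period from a keepalive response only when forced."""
    if forced and _usable(reply_period):
        return None if reply_period == PERIOD_NO_KEEPALIVE else reply_period
    return current
```

With the default order, a client-supplied period takes effect only when neither the AAA server nor the local configuration provides a usable one.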
It can be seen that after the 802.1X client's access authentication succeeds, the 802.1X client and/or the authentication point can send keepalive request messages to the peer device of the 802.1X protocol session, and the peer device responds with keepalive response messages; the same exchange repeats at the client's and/or the authentication point's actual keepalive period. The keepalive mechanism is bidirectional and can be enabled or disabled in one direction only; for example, only keepalive from the authentication point to the 802.1X client may be enabled, in which case the authentication point sends keepalive request messages and the corresponding 802.1X client responds with keepalive response messages.
Further, enabling or disabling the keepalive mechanism is independent of the 802.1X access authentication procedure and is performed only after the 802.1X client has authenticated successfully. Specifically, the authentication point can enable or disable the keepalive function for 802.1X clients with a specified identity or domain identifier. The identity can be information such as the user MAC, the user account or the international mobile subscriber identifier; the domain identifier can be the domain name of the service management domain that the authentication point or the authentication server uses for a group of users. The authentication point performs the action of enabling or disabling the keepalive function for these specified users.
The 802.1X client declares whether it supports the keepalive function (by carrying the corresponding extension option in the start-announcement request message or the announcement request message to tell the authentication point whether keepalive is supported; by default the authentication point assumes the 802.1X client does not support the keepalive function) and, if it does, may choose whether to enable it. The authentication server can decide, according to its configured policy, for which users keepalive is performed and, when the 802.1X client's access authentication succeeds, carries the corresponding authorization attribute for enabling the keepalive function in the access-accept message to the authentication point; the authentication point then performs the actual action of enabling or disabling the keepalive function.
The 802.1X STA mentioned above refers to the 802.1X client, which can be a computer fitted with a wireless network card or a smartphone with a wireless fidelity (WiFi) module. A STA can be mobile or fixed, and is the most basic component unit of a WLAN.
Fig. 3 is a block diagram of the 802.1X access session keepalive system provided by the present invention. As shown in Fig. 3, it includes:
Authentication point: during 802.1X client access authentication, responsible for selecting the authentication server and for converting and relaying the authentication message exchange between the 802.1X client and the authentication server; it receives the keepalive suggestion from the 802.1X client and the authorization attributes from the authentication server (including authorization of parameters related to keepalive of the 802.1X client), and when the 802.1X client authenticates successfully it finally selects a suitable keepalive period and starts performing keepalive toward the 802.1X client;
802.1X client: responsible for the access authentication exchange of the 802.1X protocol; according to its settings it actively reports parameters related to the keepalive function (including whether keepalive is supported, the suggested keepalive period and so on), and after successful authentication it responds to the authentication point's keepalive request messages. When necessary, it can also actively perform keepalive toward the authentication point according to its settings, sending keepalive request messages and receiving the authentication point's keepalive response messages;
Authentication server: responsible for the EAP authentication exchange with the 802.1X client and for delivering authorization attributes; when authentication succeeds, it delivers to the authentication point, according to the policy known to it, the parameters related to keepalive for the 802.1X client.
The authentication point includes:
An authentication-point message sending module, configured to send to the 802.1X client, while the 802.1X client is accessing the network and according to the authentication point's actual keepalive period, a keepalive request message for determining whether the 802.1X client has abnormally left the network;
A client state determining module, configured to determine, within the authentication point's predetermined time, that the 802.1X client has abnormally left the network if no keepalive response message from the 802.1X client in response to the keepalive request message is received, and otherwise to determine that the 802.1X client is normally on the network.
The 802.1X client includes:
A client message sending module, configured to send to the authentication point, while the 802.1X client is accessing the network and according to the client's actual keepalive period, a keepalive request message for determining whether the state of the authentication point is abnormal;
An authentication-point state determining module, configured to determine, within the client's predetermined time, that the state of the authentication point is abnormal if no keepalive response message from the authentication point in response to the keepalive request message is received, and otherwise to determine that the state of the authentication point is normal.
The following, with reference to Fig. 4 to Fig. 11, concentrates on the keepalive that the authentication point performs toward the 802.1X client.
Fig. 4 is a schematic diagram of the system topology for 802.1X access session keepalive provided by the first embodiment of the invention. As shown in Fig. 4, the broadband network gateway (BNG) serves as the authentication point, the wireless access point (AP) is in local forwarding mode, and the Remote Authentication Dial In User Service (RADIUS) protocol is used between the BNG and the AAA server. In this scenario the wireless access controller (AC) and the BNG may be merged or separate.
Fig. 5 is a flowchart of the method for 802.1X access session keepalive provided by the first embodiment of the invention, that is, the flow of the system shown in Fig. 4. The steps include:
Step 1: After the STA associates with the AP, it carries keepalive support identification information and suggested keepalive period information in an extended EAPOL-Start-Announcement message and sends the message to the BNG via the AP. The extended EAPOL-Start-Announcement message is shown schematically in Fig. 6.
The keepalive support identification information indicates whether the keepalive function is supported.
Step 2: After the BNG receives the EAPOL-Start-Announcement message sent by the STA, it extracts the STA's suggested keepalive period information from it and saves it, and sends an EAPOL-EAP-Request-Identity message to the STA via the AP. After the STA receives the EAPOL-EAP-Request-Identity message, it sends an EAPOL-EAP-Response-Identity message to the BNG via the AP.
Step 3: The BNG encapsulates the EAPOL-EAP-Response message in the RADIUS authentication request message Access-Request and sends it to the AAA server.
Step 4: The AAA server and the STA negotiate the specific authentication method, and the AAA server authenticates the STA.
Step 5: The AAA server sends an EAP-SUCCESS message for successful authentication or an EAP-FAILURE message for failed authentication, encapsulated in the RADIUS access accept/reject message Access-Accept/Reject, to the BNG.
Further, if the user's subscription information contains authorized keepalive period information, the AAA server carries that information in the Access-Accept message sent to the BNG.
Step 6: From the STA's suggested keepalive period information, the locally configured local keepalive period information and the authorized keepalive period information of the AAA server, the BNG determines the authentication point actual keepalive period with which the authentication point performs keepalive toward the STA.
Step 7: The BNG sends keepalive request messages to the STA according to the authentication point actual keepalive period, and the STA returns a keepalive response message after receiving each one. The suggested format of the keepalive request message and the keepalive response message is shown in Fig. 7.
Step 8: The STA sends a Dynamic Host Configuration Protocol discover message, DHCP Discover, to request an IP address. The message is sent to the BNG via the AP, and IP address allocation for the STA is completed between the BNG and the STA via DHCP. The BNG is also allowed to act as a DHCP Relay/Proxy on behalf of a DHCP Server to complete the address allocation flow.
In particular, there is no temporal ordering between step 8 and steps 1 to 7.
Step 9: The BNG determines that the STA has passed authentication and allows forwarding of the uplink and downlink data of the STA accessing network-side devices.
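Steps 6 and 7 and the client state determining module, modelled as an added example that is not code from the patent. The two selection strategies, the period bounds, the action names and the one-second simulated clock are assumptions, since the text only says the period is chosen from the three inputs according to a configured selection strategy.

```python
"""Model of an authentication point choosing its actual keepalive period and
declaring a client abnormally offline when a keepalive request goes unanswered."""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Set, Tuple


class Strategy(Enum):
    AUTHORIZED_FIRST = 1  # assumed policy: AAA value, else client suggestion, else local
    SHORTEST = 2          # assumed policy: smallest value on offer


# Assumed operator bounds in seconds. The suggestion arrives in the
# EAPOL-Start-Announcement before the client has authenticated, so it is
# treated as untrusted input and never used unclamped.
MIN_PERIOD, MAX_PERIOD = 10, 3600


def select_period(suggested: Optional[int], local: int,
                  authorized: Optional[int], strategy: Strategy) -> int:
    """Step 6: combine suggested, local and authorized periods into one value."""
    if local <= 0:
        raise ValueError("a positive local keepalive period must be configured")
    offers = [v for v in (authorized, suggested, local) if v is not None and v > 0]
    chosen = offers[0] if strategy is Strategy.AUTHORIZED_FIRST else min(offers)
    return max(MIN_PERIOD, min(MAX_PERIOD, chosen))


class State(Enum):
    ONLINE = "normally online"
    OFFLINE = "abnormally offline"


@dataclass
class KeepaliveSession:
    period: int                           # authentication point actual keepalive period
    timeout: int                          # "authentication point predetermined time"
    state: State = State.ONLINE
    pending_since: Optional[int] = None   # send time of the unanswered request
    next_probe: int = 0

    def __post_init__(self) -> None:
        self.next_probe = self.period     # session starts at t = 0

    def tick(self, now: int) -> List[str]:
        """Step 7: return the actions the authentication point takes at `now`."""
        if self.state is State.OFFLINE:
            return []
        if self.pending_since is not None:
            if now - self.pending_since >= self.timeout:
                self.state = State.OFFLINE
                return ["declare_abnormal_offline"]
            return []                     # still waiting for the response
        if now >= self.next_probe:
            self.pending_since = now
            return ["send_keepalive_request"]
        return []

    def on_response(self, now: int) -> None:
        """A keepalive response arrived. Assumption: a response that arrives
        after the timeout does not revive the session."""
        if self.state is State.ONLINE and self.pending_since is not None:
            self.next_probe = self.pending_since + self.period
            self.pending_since = None


def simulate(period: int, timeout: int, response_times: Set[int],
             until: int) -> Tuple[State, List[Tuple[int, str]]]:
    """Run the session from t = 0 to `until`; `response_times` are the
    constructed instants at which the client's response is received."""
    session = KeepaliveSession(period, timeout)
    log: List[Tuple[int, str]] = []
    for now in range(until + 1):
        if now in response_times:
            session.on_response(now)
        log.extend((now, action) for action in session.tick(now))
    return session.state, log


if __name__ == "__main__":
    p = select_period(suggested=30, local=60, authorized=None,
                      strategy=Strategy.AUTHORIZED_FIRST)
    # Constructed trace: the client answers twice, then goes silent.
    final_state, trace = simulate(p, timeout=10, response_times={31, 62}, until=120)
    print(p, final_state.value, trace)
```
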
Fig. 8 is a schematic diagram of the system topology for 802.1X access session keepalive provided by the second embodiment of the invention. As shown in Fig. 8, compared with the first embodiment, this embodiment is the scenario in which the AC serves as the authentication point, and the AC and the AAA server are connected through the BNG. The specific flow is shown in Fig. 9, and the steps include:
Step 1: After the STA associates with the AP, it carries keepalive support identification information and suggested keepalive period information in an extended EAPOL-Start-Announcement message and sends the message to the AC via the AP. The extended EAPOL-Start-Announcement message is shown schematically in Fig. 6.
Step 2: After the AC receives the EAPOL-Start-Announcement message sent by the STA, it extracts the STA's suggested keepalive period information from it and saves it, and sends an EAPOL-EAP-Request-Identity message to the STA via the AP. After the STA receives the EAPOL-EAP-Request-Identity message, it sends an EAPOL-EAP-Response-Identity message to the AC via the AP.
Step 3: The AC encapsulates the EAPOL-EAP-Response-Identity message in the RADIUS authentication request message Access-Request and sends it to the AAA server.
Further, when the BNG acts as a RADIUS Proxy network element between the AC and the AAA, the BNG needs to re-encapsulate the RADIUS protocol messages.
Step 4: The AAA server and the STA negotiate the specific authentication method, and the AAA server authenticates the STA.
Step 5: The AAA server sends an EAP-SUCCESS message for successful authentication or an EAP-FAILURE message for failed authentication, encapsulated in the RADIUS Access-Accept/Reject message, to the AC.
Further, if the user's subscription information contains authorized keepalive period information, the AAA server carries that information in the Access-Accept message sent to the AC.
Step 6: From the STA's suggested keepalive period information, the locally configured default local keepalive period information and the authorized keepalive period information granted by the AAA server, the AC determines the authentication point actual keepalive period with which the authentication point performs keepalive toward the STA.
Step 7: The AC sends keepalive request messages to the STA according to the authentication point actual keepalive period, and the STA returns a keepalive response message after receiving each one. The suggested format of the keepalive request message and the keepalive response message is shown in Fig. 7.
Step 8: The STA sends a DHCP Discover message to request an IP address. The message is sent to the AC via the AP, and IP address allocation for the STA is completed between the AC and the STA via DHCP.
In particular, there is no temporal ordering between step 8 and steps 1 to 7.
Step 9: The AC determines that the STA has passed authentication and that address allocation has succeeded, and then sends a user online notification message to the BNG.
Further, when the BNG acts as a RADIUS Proxy network element between the AC and the AAA server, this message may be an accounting start message.
Step 10: After the BNG receives the user online notification message, it allows forwarding of the uplink and downlink data of the STA accessing network-side devices.
Fig. 10 is a schematic diagram of the system topology for 802.1X access session keepalive provided by the third embodiment of the invention. As shown in Fig. 10, this embodiment is the scenario in which a residential gateway (RG) or fixed terminal serves as the 802.1X client and an access device or the BNG serves as the authentication point. The specific flow is shown in Fig. 11, and the steps include:
Step 1: The RG or fixed terminal carries keepalive support identification information and suggested keepalive period information in an extended EAPOL-Start-Announcement message and sends the message to the access device or BNG. The format of the extended EAPOL-Start-Announcement message is shown schematically in Fig. 6.
Step 2: After the access device or BNG receives the EAPOL-Start-Announcement message sent by the RG or fixed terminal, it extracts the suggested keepalive period of the RG or fixed terminal from it and saves it, and sends an EAPOL-EAP-Request-Identity message to the RG or fixed terminal. After the RG or fixed terminal receives the EAPOL-EAP-Request-Identity message, it sends an EAPOL-EAP-Response-Identity message to the access device or BNG.
Step 3: The access device or BNG encapsulates the EAPOL-EAP-Response-Identity message in the RADIUS authentication request message Access-Request and sends it to the AAA server.
Step 4: The AAA server and the RG or fixed terminal negotiate the specific authentication method, and the AAA server authenticates the RG or fixed terminal.
Step 5: The AAA server sends an EAP-SUCCESS message for successful authentication or an EAP-FAILURE message for failed authentication, encapsulated in the RADIUS Access-Accept/Reject message, to the access device or BNG.
Further, if the user's subscription information contains authorized keepalive period information, the AAA server carries that information in the Access-Accept message sent to the access device or BNG.
Step 6: From the suggested keepalive period of the RG or fixed terminal, the local keepalive period locally configured on the access device or BNG, and the authorized keepalive period granted to the RG or fixed terminal by the AAA server, the access device or BNG determines the authentication point actual keepalive period with which it performs keepalive toward the RG or fixed terminal.
Step 7: The access device or BNG sends keepalive request messages to the RG or fixed terminal according to the authentication point actual keepalive period, and the RG or fixed terminal returns a keepalive response message after receiving each one. The format of the keepalive request message and the keepalive response message is shown in Fig. 7.
Step 8: The RG or fixed terminal sends a DHCP Discover message to request an IP address. The message is sent to the BNG, and IP address allocation for the RG or fixed terminal is completed between the BNG and the RG or fixed terminal via DHCP.
In particular, there is no temporal ordering between step 8 and steps 1 to 7.
Step 9: The access device or BNG determines that the RG or fixed terminal has passed authentication and allows forwarding of the uplink and downlink data of the RG or fixed terminal accessing network-side devices.
Each step or component of the invention can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device. In some cases the steps shown or described can be performed in an order different from the one given here, or they can each be made into individual integrated circuit modules, or several of the steps or components can be made into a single integrated circuit module. The invention is therefore not limited to any specific combination of hardware and software.
Although the invention has been described in detail above, it is not limited thereto, and those skilled in the art can make various modifications according to the principle of the invention. Therefore, all modifications made according to the principle of the invention should be understood to fall within the scope of protection of the invention.

Claims (10)

  1. A method for 802.1X access session keepalive, characterized by comprising:
    during 802.1X client access authentication, an authentication point used for access authentication receives a start announcement request message, sent by the 802.1X client, that carries keepalive support identification information and suggested keepalive period information, in order to perform access authentication;
    after the 802.1X client access authentication succeeds, the authentication point determines, according to a configured selection strategy, the authentication point actual keepalive period for the 802.1X client by jointly considering the suggested keepalive period, the local keepalive period locally configured on the authentication point, and the authorized keepalive period granted to the 802.1X client by the AAA server;
    while the 802.1X client is accessing the network, the authentication point sends to the 802.1X client, according to the authentication point actual keepalive period, a first keepalive request message used to determine whether the 802.1X client has gone offline abnormally.
  2. The method according to claim 1, characterized by further comprising:
    within the authentication point predetermined time, if the authentication point does not receive a keepalive response message with which the 802.1X client responds to the first keepalive request message, the authentication point determines that the 802.1X client has gone offline abnormally, and otherwise the authentication point determines that the 802.1X client is normally online;
    within the client predetermined time, if the 802.1X client does not receive a keepalive response message with which the authentication point responds to the second keepalive request message, the 802.1X client determines that the state of the authentication point is abnormal, and otherwise the 802.1X client determines that the state of the authentication point is normal.
  3. The method according to claim 1 or 2, characterized in that, before the authentication point/802.1X client sends a keepalive request message to the peer, the method further comprises an 802.1X client access authentication step, comprising:
    the authentication point receives the start announcement request message sent by the 802.1X client and sends an identity request message to the 802.1X client;
    the authentication point receives the identity response message with which the 802.1X client responds to the identity request message, encapsulates the identity response message in an authentication request message, and sends it to the authentication server;
    the authentication server, according to the authentication request message, determines the authentication method with the 802.1X client via the authentication point and, according to the authentication method, performs authentication processing on the 802.1X client;
    the authentication server encapsulates the result of authentication success/failure in an access accept/reject message and sends it to the authentication point.
  4. The method according to claim 3, characterized in that, during the 802.1X client access authentication, when the start announcement request message sent by the 802.1X client does not carry the suggested keepalive period, the 802.1X client encapsulates the suggested keepalive period in an announcement request message and sends it to the authentication point, so that the authentication point determines the authentication point actual keepalive period.
  5. The method according to claim 4, characterized in that the authentication point parses the received access accept message, obtains the authorization attribute therein used to enable the keepalive function, and, according to the authorization attribute used to enable the keepalive function, enables the keepalive function of the 802.1X client corresponding to the specified identity or service management domain identifier, in order to perform 802.1X access session keepalive.
  6. The method according to claim 5, characterized in that the authentication point obtains the suggested keepalive period by parsing the received start announcement request message or the announcement request message, and the authentication point obtains the authorized keepalive period by parsing the received access accept message.
  7. The method according to claim 5, characterized in that the client actual keepalive period is the local default keepalive period of the 802.1X client.
  8. The method according to claim 7, characterized in that the 802.1X client parses the received keepalive response message, obtains the mandatory keepalive period therein, and adjusts the client actual keepalive period according to the mandatory keepalive period.
  9. A system for 802.1X access session keepalive, comprising an 802.1X client, an authentication point used for access authentication, and an authentication server, characterized in that the authentication point includes:
    an authentication point message receiving module, configured to receive, during 802.1X client access authentication, a start announcement request message sent by the 802.1X client that carries keepalive support identification information and suggested keepalive period information, in order to perform access authentication;
    an authentication point keepalive period determining module, configured to determine, after the 802.1X client access authentication succeeds and according to a configured selection strategy, the authentication point actual keepalive period for the 802.1X client by jointly considering the suggested keepalive period, the local keepalive period locally configured on the authentication point, and the authorized keepalive period granted to the 802.1X client by the AAA server;
    an authentication point message sending module, configured to send to the 802.1X client, while the 802.1X client is accessing the network and according to the authentication point actual keepalive period, a first keepalive request message used to determine whether the 802.1X client has gone offline abnormally.
  10. The system according to claim 9, characterized in that the authentication point further includes a client state determining module, configured to determine that the 802.1X client has gone offline abnormally if, within the authentication point predetermined time, no keepalive response message with which the 802.1X client responds to the keepalive request message is received, and otherwise to determine that the 802.1X client is normally online.
    The 802.1X client includes: a client message sending module, configured to send to the authentication point, while the 802.1X client is accessing the network and according to the client actual keepalive period, a second keepalive request message used to determine whether the state of the authentication point is abnormal; and an authentication point state determining module, configured to determine that the state of the authentication point is abnormal if, within the client predetermined time, no keepalive response message with which the authentication point responds to the keepalive request message is received, and otherwise to determine that the state of the authentication point is normal.
CN201310053064.3A 2013-02-19 2013-02-19 A kind of method and system of 802.1X accesses session keepalive Active CN103200172B (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
CN201310053064.3A CN103200172B (en) 2013-02-19 2013-02-19 A kind of method and system of 802.1X accesses session keepalive
EP13875702.6A EP2950499B1 (en) 2013-02-19 2013-09-17 802.1x access session keepalive method, device, and system
PCT/CN2013/083699 WO2014127630A1 (en) 2013-02-19 2013-09-17 802.1x access session keepalive method, device, and system
RU2015136853A RU2639696C2 (en) 2013-02-19 2013-09-17 Method, device and system for maintaining activity of access session on 802,1x standard
US14/766,053 US9918353B2 (en) 2013-02-19 2013-09-17 802.1X access session keepalive method, device, and system

Publications (2)

Publication Number Publication Date
CN103200172A CN103200172A (en) 2013-07-10
CN103200172B CN103200172B (en) 2018-06-26

Family

ID=48722530

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310053064.3A Active CN103200172B (en) 2013-02-19 2013-02-19 A kind of method and system of 802.1X accesses session keepalive

Country Status (5)

Country Link
US (1) US9918353B2 (en)
EP (1) EP2950499B1 (en)
CN (1) CN103200172B (en)
RU (1) RU2639696C2 (en)
WO (1) WO2014127630A1 (en)

Also Published As

Publication number Publication date
WO2014127630A1 (en) 2014-08-28
US9918353B2 (en) 2018-03-13
US20150382397A1 (en) 2015-12-31
CN103200172A (en) 2013-07-10
EP2950499B1 (en) 2018-09-12
RU2015136853A (en) 2017-03-27
RU2639696C2 (en) 2017-12-21
EP2950499A1 (en) 2015-12-02
EP2950499A4 (en) 2016-01-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant